Attack on a U-Prove Revocation Scheme
L. Hanzlik, K. Kluczniak, M. Kutylowski
Wroclaw University of Technology
We analyse security of the scheme proposed in the paper ``Accumulators and U-Prove Revocation",
published in the Financial Cryptography 2013 proceedings. As the title says, the authors propose
an extension for U-Prove, the credential system developed by Microsoft. This extension allows
to revoke tokens (containers for credentials) using a new cryptographic accumulator scheme.
We show that, under certain conditions, there exists an attack that allows a user to pass
the verification while using a revoked U-Prove token. It follows that the proposed solution fails
to fulfil the primary goal of revocation schemes.
Recently, a closely related system has been published by Microsoft Research in
``U-Prove Designated-Verifier Accumulator Revocation Extension, Draf 1 Revision".
Our attack does not work for this version of revocation.
Accepted for Financial Cryptography 2014